We have a Check Point firewall to secure our perimeter as well as on the internal network. We also have our Security Management server on VM. Both perimeter & internal sets are managed via the same Security Management system.
Two separate packages are created for both perimeter & internal sets.
We are also managing a SandBlast device via Security Management.
Even though all of the work is performed by the gateway, Security Management plays a vital role in a three-tier architecture. Here, our primary use case is to push security policies & manage logs.